Domingos S.F. Paes, Carlos H.V. de Moraes, Bruno G. Batista
Computer Communications, volume 240, Article 108203. Published 2025-05-15. Journal article. DOI: 10.1016/j.comcom.2025.108203. Journal impact factor: 4.3; JCR Q1 (Computer Science, Information Systems). Source: https://www.sciencedirect.com/science/article/pii/S0140366425001604 (indexed via Semantic Scholar).
Analysis of supervised machine-learning techniques in computer networks attack detection
In an era marked by an increasing reliance on technology in our daily lives, the imperative to ensure the availability and security of infrastructures supporting system operations is evident. This commitment is crucial for guaranteeing service quality, delivering a positive end-user experience, and optimizing resource utilization. Against this backdrop, the integration of new technologies, such as artificial intelligence and machine-learning, becomes essential to enhance the agility of problem detection and mitigate potential impacts. The study presented in this paper delves into an analysis of various supervised classifier machine-learning methods applied to data collected from network equipment, specifically switches. The primary objective is to detect attacks within the network infrastructure of a higher education institution. The attacks were categorized into distinct signatures, forming datasets instrumental in the comparative assessment of machine-learning techniques. The models derived from these methods demonstrated promising results, achieving an impressive 99.88% in the Weighted F1 metric and 99.23% in Balanced Accuracy. Beyond traditional metrics, the study also considered critical factors such as training time, prediction time, and saved file size for a comprehensive evaluation of the methods. This multifaceted analysis aids in identifying the most suitable method, taking into account not only classification performance but also practical considerations associated with real-world deployment.
About the journal:
Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). The Internet is the core of today's computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms.
Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.